ClawHub

MemWeaver

v0.1.0

Memory Profiler — Mine hidden patterns from your Agent's memory, confirm via interactive quiz, and generate a structured user profile.

0· 60·0 current·0 all-time
by@fret774
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (memory profiling, hidden-pattern mining, interactive quiz) match the included files and runtime instructions. The only binary required is python3 and the scripts read MEMORY.md and daily logs — which is exactly what the skill claims to need.
Instruction Scope
SKILL.md and README instruct the Agent to read .codebuddy/MEMORY.md and memory/*.md, run local scripts to gather content, then perform a multi-step LLM analysis and generate question batches. That scope is coherent with the stated purpose. Important caveat: the 'LLM deep analysis' step implies sending memory content to the agent's model; if the agent uses a hosted/cloud LLM, that will transmit sensitive memory data off your machine. The README's 'No external APIs' claim refers to the skill itself (no network calls in scripts) but does not eliminate data transmission to whatever LLM the agent uses.
Install Mechanism
No install spec; instruction-only with two small Python scripts. No downloads from remote URLs, no package installs, and scripts use only standard library. Low install risk.
Credentials
The skill requests no environment variables or credentials and only accesses files in the detected workspace (.codebuddy/MEMORY.md and .codebuddy/memory/*). This access is proportionate to the profiling goal. There are no unrelated credential or config requirements.
Persistence & Privilege
always:false and user-invocable:true (normal). The save script writes profiles under memweaver/output/ and backs up existing profiles; it does not modify other skills or system settings. No privileged or persistent system-level changes are requested.
Assessment
What this means for you: - Functionally coherent: The skill does what it says — it reads your agent memory files, runs local Python scripts to collect them, then uses the Agent/LLM to derive patterns and ask you questions. The included scripts do not phone home or require keys. - Privacy risk (important): The scripts are local, but the analysis step requires an LLM. If your agent uses a cloud-hosted model (OpenAI, Anthropic, etc.), your full memory content will likely be sent to that provider. If you want the analysis to remain private, run the skill with a locally hosted model or reduce the data sent (use --days small, remove very sensitive notes before running). - Practical precautions: - Inspect the two Python scripts (collect_memory.py, save_profile.py) yourself — they are small, use only stdlib, and only read/write workspace files. - Run collect_memory.py with a small --days first to see what will be included and review the JSON output before handing it to a model. - Confirm where your Agent's model runs. If using a hosted LLM, do not feed highly sensitive memory to it. - Keep backups or run in an isolated/test workspace if you want to trial the skill. - If you need stronger guarantees, request the author clarify model-hosting assumptions or modify the workflow to limit content before analysis. - No red flags for hidden network endpoints, extra credentials, or unusual install behavior were found. If you do not want your memory analyzed by an external hosted model, do not invoke the skill until you confirm a local-model setup.

Like a lobster shell, security has layers — review code before you run it.

latestvk977g5fgy866ywbdq8sge44sq983h3ym

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3

Comments